From patchwork Mon Aug 29 11:45:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Gobert X-Patchwork-Id: 12957711 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 30ED0ECAAD4 for ; Mon, 29 Aug 2022 12:21:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231906AbiH2MVP (ORCPT ); Mon, 29 Aug 2022 08:21:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58408 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231240AbiH2MU4 (ORCPT ); Mon, 29 Aug 2022 08:20:56 -0400 Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2B077A6C27; Mon, 29 Aug 2022 05:04:19 -0700 (PDT) Received: by mail-wm1-x32e.google.com with SMTP id ay39-20020a05600c1e2700b003a5503a80cfso4308443wmb.2; Mon, 29 Aug 2022 05:04:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=user-agent:content-disposition:mime-version:message-id:subject:to :from:date:from:to:cc; bh=hxqAbFcpuVmdCzBbtEdTgdjeLFVRaXCJcGCpu8UlHog=; b=iZzG6XdkeygsKjHjT6RHpXFX6DlmUVFzmovWRy8vNxWLeceNyeXYUKr7L2XB4+8AVq aahDfhtahb9AAneV5jaW2aYoF+XY26cVuqyDoLP5zOeN57xcRIicsllLxN2YrHhBJWFF f2+pHPwMdJOcfsrSB/qE2aIjOGfrwCYmc2X3awL4QPEeLhFp6eR2bQ7uhoxf15GL7Qcc LmA8cXhgJ+zR9f3Bq6Nq7fyPEqxDBuHAEq0wuMSTFfURW3nElycUDfgfX6p1JCsdgyjf XqSL+QnTp4e15Yz/u+jtPc+QXYOvwhTcnS8kLQvdI9J4qFa2KG4qj0bHUmYne1tcX+f4 rBFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=user-agent:content-disposition:mime-version:message-id:subject:to :from:date:x-gm-message-state:from:to:cc; 
bh=hxqAbFcpuVmdCzBbtEdTgdjeLFVRaXCJcGCpu8UlHog=; b=mJVvjSYyfFUjLfAS/mMZULatd0WHiDEke5qX1UD7NkofsY3tUKOaCykwteyT7ja6j8 L/WS8BlGK0cq91vZ/IafHDGGdIoFPe6hNmzt4zLZbZAhvIGZg4o41Oq5JetMmOEAg0zl Ko/n7yLfTLm5/5ABxCStTnfG8ZzUw7NM/3TysTE2XivHSqHCBT2vZGrOuCACEK2Sgy5z qpVNuC3Yxb1QtRmggRYOAlifj2otK/cy7lKICeC66PvdL98fNxswrzCaZwTnkMGeY0op cIqFfWbaQKiY3e4azrXga9BE/htAsSv6ISdCXShC3u/yLR8t8uKr23+tf/20NjG3LnsW rpeA== X-Gm-Message-State: ACgBeo0++LOYr2JpCMmdCAaXh6ItEkR0tFUnE/muF0rIPfpKIes5bwh6 gj7+cn4gqBmV/8d2eRFfDacmf/tAe5I= X-Google-Smtp-Source: AA6agR7YxhHVMj9XWpJVMLkVYl9/G+NCIxQVTy6U5aONCYYoP9w92jav+CBywTEPIw3JdyMrtVUZ+g== X-Received: by 2002:a05:600c:3b8c:b0:3a6:71a:f286 with SMTP id n12-20020a05600c3b8c00b003a6071af286mr6463379wms.120.1661773632330; Mon, 29 Aug 2022 04:47:12 -0700 (PDT) Received: from debian ([89.238.191.199]) by smtp.gmail.com with ESMTPSA id o7-20020adfeac7000000b00226332f9275sm6768446wrn.22.2022.08.29.04.46.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Aug 2022 04:47:12 -0700 (PDT) Date: Mon, 29 Aug 2022 13:45:20 +0200 From: Richard Gobert To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, corbet@lwn.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org, alex.aring@gmail.com, stefan@datenfreihafen.org, pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de, kafai@fb.com, netdev@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-wpan@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org Subject: [PATCH 1/4] net-next: frags: move inetpeer from ip4 to inet Message-ID: <20220829114507.GA2348@debian> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Move frags-related inetpeer logic from ip4 to inet. This allows us to access peer information inside inet_frag logic. 
Signed-off-by: Richard Gobert --- include/net/inet_frag.h | 1 + net/ipv4/inet_fragment.c | 11 ++++++++++- net/ipv4/ip_fragment.c | 19 +++---------------- 3 files changed, 14 insertions(+), 17 deletions(-) diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h index 0b0876610553..05d95fad8a1a 100644 --- a/include/net/inet_frag.h +++ b/include/net/inet_frag.h @@ -98,6 +98,7 @@ struct inet_frag_queue { __u8 flags; u16 max_size; struct fqdir *fqdir; + struct inet_peer *peer; struct rcu_head rcu; }; diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c index c9f9ac5013a7..c3ec1dbe7081 100644 --- a/net/ipv4/inet_fragment.c +++ b/net/ipv4/inet_fragment.c @@ -23,6 +23,7 @@ #include #include #include +#include /* Use skb->cb to track consecutive/adjacent fragments coming at * the end of the queue. Nodes in the rb-tree queue will @@ -282,6 +283,14 @@ unsigned int inet_frag_rbtree_purge(struct rb_root *root) } EXPORT_SYMBOL(inet_frag_rbtree_purge); +void inet_frag_free(struct inet_frag_queue *q) +{ + if (q->peer) + inet_putpeer(q->peer); + + call_rcu(&q->rcu, inet_frag_destroy_rcu); +} + void inet_frag_destroy(struct inet_frag_queue *q) { struct fqdir *fqdir; @@ -297,7 +306,7 @@ void inet_frag_destroy(struct inet_frag_queue *q) sum_truesize = inet_frag_rbtree_purge(&q->rb_fragments); sum = sum_truesize + f->qsize; - call_rcu(&q->rcu, inet_frag_destroy_rcu); + inet_frag_free(q); sub_frag_mem_limit(fqdir, sum); } diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index fb153569889e..d0c22c41cf26 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -65,7 +65,6 @@ struct ipq { u16 max_df_size; /* largest frag with DF set seen */ int iif; unsigned int rid; - struct inet_peer *peer; }; static u8 ip4_frag_ecn(u8 tos) @@ -88,21 +87,9 @@ static void ip4_frag_init(struct inet_frag_queue *q, const void *a) q->key.v4 = *key; qp->ecn = 0; - qp->peer = q->fqdir->max_dist ? 
- inet_getpeer_v4(net->ipv4.peers, key->saddr, key->vif, 1) : - NULL; + q->peer = inet_getpeer_v4(net->ipv4.peers, key->saddr, key->vif, 1); } -static void ip4_frag_free(struct inet_frag_queue *q) -{ - struct ipq *qp; - - qp = container_of(q, struct ipq, q); - if (qp->peer) - inet_putpeer(qp->peer); -} - - /* Destruction primitives. */ static void ipq_put(struct ipq *ipq) @@ -224,7 +211,7 @@ static struct ipq *ip_find(struct net *net, struct iphdr *iph, /* Is the fragment too far ahead to be part of ipq? */ static int ip_frag_too_far(struct ipq *qp) { - struct inet_peer *peer = qp->peer; + struct inet_peer *peer = qp->q.peer; unsigned int max = qp->q.fqdir->max_dist; unsigned int start, end; @@ -741,7 +728,7 @@ static const struct rhashtable_params ip4_rhash_params = { void __init ipfrag_init(void) { ip4_frags.constructor = ip4_frag_init; - ip4_frags.destructor = ip4_frag_free; + ip4_frags.destructor = NULL; ip4_frags.qsize = sizeof(struct ipq); ip4_frags.frag_expire = ip_expire; ip4_frags.frags_cache_name = ip_frag_cache_name; From patchwork Mon Aug 29 11:46:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Gobert X-Patchwork-Id: 12957678 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 90E14ECAAD2 for ; Mon, 29 Aug 2022 12:04:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231244AbiH2ME5 (ORCPT ); Mon, 29 Aug 2022 08:04:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58006 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229694AbiH2MEc (ORCPT ); Mon, 29 Aug 2022 08:04:32 -0400 Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com 
[IPv6:2a00:1450:4864:20::42b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4AD9A9C21C; Mon, 29 Aug 2022 04:49:23 -0700 (PDT) Received: by mail-wr1-x42b.google.com with SMTP id n17so9849145wrm.4; Mon, 29 Aug 2022 04:49:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=user-agent:content-disposition:mime-version:message-id:subject:to :from:date:from:to:cc; bh=WSe10S+UrlTuQKvK/O7PfNOC5iT/6H3QC5eaRG38WEw=; b=LAxp47JBaTGyv93BoVrRKUlb1IN6IC4DAWm6nF1Cfo9jbYyQ1Cf2YaB8Cl/cLuH3A1 wcqeSxxKzq1suPI7vl3hwv9XXQaeLW+j7EJ/bganLFBmHqmazeGdSBrwmAhQn6R23zSN pQI5/eKRW0R4W5zjlSUKGvDZJkj2LIEnLSlOdFh5N/P+lNOMkjHY+5RuuYPAwLGplp0C eDwpLobySDdr2Pl3zCiqyitlLzJPOHi0YSjpX6M54N/StmqXZxRWzTqKhe/8ICDtEx0P Lx+72juIHuaSbu00WA/BCx+IebL3+HdDG3QONd+UIQEZQmGG4qqY+QKofi+31Wjy/5MB zjcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=user-agent:content-disposition:mime-version:message-id:subject:to :from:date:x-gm-message-state:from:to:cc; bh=WSe10S+UrlTuQKvK/O7PfNOC5iT/6H3QC5eaRG38WEw=; b=yZGv3O0xuLFo7KvPpk8PQIcfdsX6gblpw6TZb/Tt71fMOGpkc6HnHxLhYMTMszrE/s Nlnmyj2Fsnn20UV8XARXJNAdVwhBKxMTtZ834LxB6tdkKEV+NtgGiL9l3AEINvgwpnN4 VlfvRrho13YGxmKKc1OZ1bUIZ8gLvy/7fCFjH16FzijuyYpUdfNoI9SLE+4L+IVaHOrE b/vpplluY2ZvjBULlq55xSJTorYJMY8e1L5+iVkw5U2n12/LlOhnu/RiCYgRTPoGCpuU IivhcSTzOdBUwC91Kswrf6UtFlUydh39ICx1DRKf7hKhrIVnx3sW2/aujxFshVdiR+u7 cj+A== X-Gm-Message-State: ACgBeo1OmJeRQDxTy7QjA60BEOqnerpbSAceLV04fuHTuxrFJ5W0aCdf VkuKggLxUAo66jpGapzmE1Q= X-Google-Smtp-Source: AA6agR6kfgXYwZGeBJpTHShgVFVG4lxwfk9krywGZYd0suW6qyKg1rpeZ4+h2TiYTq/A8FltRxBBvA== X-Received: by 2002:a05:6000:4005:b0:225:8b27:e6d5 with SMTP id cy5-20020a056000400500b002258b27e6d5mr6066243wrb.603.1661773679149; Mon, 29 Aug 2022 04:47:59 -0700 (PDT) Received: from debian ([89.238.191.199]) by smtp.gmail.com with ESMTPSA id az26-20020adfe19a000000b0022529d3e911sm7047402wrb.109.2022.08.29.04.47.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); 
Mon, 29 Aug 2022 04:47:58 -0700 (PDT) Date: Mon, 29 Aug 2022 13:46:08 +0200 From: Richard Gobert To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, corbet@lwn.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org, alex.aring@gmail.com, stefan@datenfreihafen.org, pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de, kafai@fb.com, netdev@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-wpan@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org Subject: [PATCH 2/4] net-next: ip6: fetch inetpeer in ip6frag_init Message-ID: <20220829114600.GA2374@debian> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Obtain the IPv6 peer in ip6frag_init, to allow for peer memory tracking in the IPv6 fragment reassembly logic. Signed-off-by: Richard Gobert --- include/net/ipv6_frag.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/net/ipv6_frag.h b/include/net/ipv6_frag.h index 5052c66e22d2..62760cd3bdd1 100644 --- a/include/net/ipv6_frag.h +++ b/include/net/ipv6_frag.h @@ -6,6 +6,7 @@ #include #include #include +#include enum ip6_defrag_users { IP6_DEFRAG_LOCAL_DELIVER, @@ -33,9 +34,11 @@ static inline void ip6frag_init(struct inet_frag_queue *q, const void *a) { struct frag_queue *fq = container_of(q, struct frag_queue, q); const struct frag_v6_compare_key *key = a; + const struct net *net = q->fqdir->net; q->key.v6 = *key; fq->ecn = 0; + q->peer = inet_getpeer_v6(net->ipv6.peers, &key->saddr, 1); } static inline u32 ip6frag_key_hashfn(const void *data, u32 len, u32 seed) From patchwork Mon Aug 29 11:46:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Gobert X-Patchwork-Id: 12957679 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 
3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CBDE9ECAAD4 for ; Mon, 29 Aug 2022 12:05:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230321AbiH2MFm (ORCPT ); Mon, 29 Aug 2022 08:05:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41296 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230174AbiH2MFW (ORCPT ); Mon, 29 Aug 2022 08:05:22 -0400 Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [IPv6:2a00:1450:4864:20::429]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AE7B724951; Mon, 29 Aug 2022 04:50:13 -0700 (PDT) Received: by mail-wr1-x429.google.com with SMTP id e13so8927483wrm.1; Mon, 29 Aug 2022 04:50:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=user-agent:content-disposition:mime-version:message-id:subject:to :from:date:from:to:cc; bh=1JiBGFDUygYonHEBJhR3zRy23bYSWcBPqoBDbyk9LKM=; b=o9pNB1tNXfWww6OS+v+xmZxDuCAFsASJkg0mb8Tx4Bf7shgj24utrrz6jvklu5yiPO QmemOsLxjLBlKj3GBSf70/UwcFLX4Ww71cETLbwFN6qYq5dIQn37sQ2RIymc1+m5Hs8Q b5JU+ojPf8yXpy8ye58gMCB72A+oK5TmXRQdpymIaJ2RDee4IAJ44yHHnr0FVUgAKvw0 nRITg5165yLluoJsNJVK1yjG94yjxPniJanuWCuaM+tSzNd2BYc4FXO0EIya8iTLh0EN 7l7XzrI4YIfTodENWApRXRCCqJnobc3U/bB+W5uMM8AQ8ycg3DPOfHnUB6EnpQVOJ23r DX/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=user-agent:content-disposition:mime-version:message-id:subject:to :from:date:x-gm-message-state:from:to:cc; bh=1JiBGFDUygYonHEBJhR3zRy23bYSWcBPqoBDbyk9LKM=; b=NObK9wraEQD2O2ZlhMOWKZGtjbmhrrLrtnYm00upATaSdTaJwbZZEhizEARYsRpon+ H0P2O7bsu9pz20R9jcy0lP7ry3csNRdGlXhdyUcixspkIf8UF+hCndeHr4kgeOrpW3Fb iRkAu4d/hFI3qY6sry/ob7IQDMIB7e074kRytoKxMQxdaeQPrcJvgC8giFVegUW3jv21 SxeSbgrs04DiwmBuC+/zg2JbVssYDfDd+4wZ4oFlQ9z8kAj8jKDHLBWs1Ik6IoaehC9X 
LHlMdqAmLmTBfNEffwnzGfon9CbrPsmoj9TZkm9eGMK8Wdb+Z6m/2gK08gncOti0Q3rn 73Xw== X-Gm-Message-State: ACgBeo2uYI1vqJFSzBDo9FtKv1mFNsD3AcIgYEz0spV7CXcQQJSdlvrd 3n8r4PB8sKYdBzqv3NFUEZE= X-Google-Smtp-Source: AA6agR4Gmyr4z3mS+5k0dLTFB7X7LzA++0d137SxJ1m9vPE3CqWEv0bDknBmvr0bQVkIc1tfpqsACA== X-Received: by 2002:a5d:468d:0:b0:226:d8d9:25e3 with SMTP id u13-20020a5d468d000000b00226d8d925e3mr3216538wrq.415.1661773724712; Mon, 29 Aug 2022 04:48:44 -0700 (PDT) Received: from debian ([89.238.191.199]) by smtp.gmail.com with ESMTPSA id l9-20020a7bc349000000b003a5fa79007fsm8660454wmj.7.2022.08.29.04.48.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Aug 2022 04:48:44 -0700 (PDT) Date: Mon, 29 Aug 2022 13:46:57 +0200 From: Richard Gobert To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, corbet@lwn.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org, alex.aring@gmail.com, stefan@datenfreihafen.org, pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de, kafai@fb.com, netdev@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-wpan@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org Subject: [PATCH 3/4] net-next: frags: add inetpeer frag_mem tracking Message-ID: <20220829114648.GA2409@debian> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Track per-peer fragment memory usage, using the existing per-fqdir memory tracking logic. 
Signed-off-by: Richard Gobert --- include/net/inet_frag.h | 11 ++------ include/net/inetpeer.h | 1 + net/ieee802154/6lowpan/reassembly.c | 2 +- net/ipv4/inet_fragment.c | 36 ++++++++++++++++++++----- net/ipv4/inetpeer.c | 1 + net/ipv4/ip_fragment.c | 4 +-- net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/reassembly.c | 2 +- 8 files changed, 38 insertions(+), 21 deletions(-) diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h index 05d95fad8a1a..077a0ec78a58 100644 --- a/include/net/inet_frag.h +++ b/include/net/inet_frag.h @@ -155,15 +155,8 @@ static inline long frag_mem_limit(const struct fqdir *fqdir) return atomic_long_read(&fqdir->mem); } -static inline void sub_frag_mem_limit(struct fqdir *fqdir, long val) -{ - atomic_long_sub(val, &fqdir->mem); -} - -static inline void add_frag_mem_limit(struct fqdir *fqdir, long val) -{ - atomic_long_add(val, &fqdir->mem); -} +void sub_frag_mem_limit(struct inet_frag_queue *q, long val); +void add_frag_mem_limit(struct inet_frag_queue *q, long val); /* RFC 3168 support : * We want to check ECN values of all fragments, do detect invalid combinations. 
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h index 74ff688568a0..1c602a706742 100644 --- a/include/net/inetpeer.h +++ b/include/net/inetpeer.h @@ -41,6 +41,7 @@ struct inet_peer { u32 rate_tokens; /* rate limiting for ICMP */ u32 n_redirects; unsigned long rate_last; + atomic_long_t frag_mem; /* * Once inet_peer is queued for deletion (refcnt == 0), following field * is not available: rid diff --git a/net/ieee802154/6lowpan/reassembly.c b/net/ieee802154/6lowpan/reassembly.c index a91283d1e5bf..0bf207e94082 100644 --- a/net/ieee802154/6lowpan/reassembly.c +++ b/net/ieee802154/6lowpan/reassembly.c @@ -135,7 +135,7 @@ static int lowpan_frag_queue(struct lowpan_frag_queue *fq, fq->q.flags |= INET_FRAG_FIRST_IN; fq->q.meat += skb->len; - add_frag_mem_limit(fq->q.fqdir, skb->truesize); + add_frag_mem_limit(&fq->q, skb->truesize); if (fq->q.flags == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && fq->q.meat == fq->q.len) { diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c index c3ec1dbe7081..8b8d77d548d4 100644 --- a/net/ipv4/inet_fragment.c +++ b/net/ipv4/inet_fragment.c @@ -250,6 +250,29 @@ void inet_frag_kill(struct inet_frag_queue *fq) } EXPORT_SYMBOL(inet_frag_kill); +static inline long peer_mem_limit(const struct inet_frag_queue *q) +{ + if (!q->peer) + return 0; + return atomic_long_read(&q->peer->frag_mem); +} + +void sub_frag_mem_limit(struct inet_frag_queue *q, long val) +{ + if (q->peer) + atomic_long_sub(val, &q->peer->frag_mem); + atomic_long_sub(val, &q->fqdir->mem); +} +EXPORT_SYMBOL(sub_frag_mem_limit); + +void add_frag_mem_limit(struct inet_frag_queue *q, long val) +{ + if (q->peer) + atomic_long_add(val, &q->peer->frag_mem); + atomic_long_add(val, &q->fqdir->mem); +} +EXPORT_SYMBOL(add_frag_mem_limit); + static void inet_frag_destroy_rcu(struct rcu_head *head) { struct inet_frag_queue *q = container_of(head, struct inet_frag_queue, @@ -306,9 +329,8 @@ void inet_frag_destroy(struct inet_frag_queue *q) sum_truesize = 
inet_frag_rbtree_purge(&q->rb_fragments); sum = sum_truesize + f->qsize; + sub_frag_mem_limit(q, sum); inet_frag_free(q); - - sub_frag_mem_limit(fqdir, sum); } EXPORT_SYMBOL(inet_frag_destroy); @@ -324,7 +346,7 @@ static struct inet_frag_queue *inet_frag_alloc(struct fqdir *fqdir, q->fqdir = fqdir; f->constructor(q, arg); - add_frag_mem_limit(fqdir, f->qsize); + add_frag_mem_limit(q, f->qsize); timer_setup(&q->timer, f->frag_expire, 0); spin_lock_init(&q->lock); @@ -483,7 +505,7 @@ void *inet_frag_reasm_prepare(struct inet_frag_queue *q, struct sk_buff *skb, delta += head->truesize; if (delta) - add_frag_mem_limit(q->fqdir, delta); + add_frag_mem_limit(q, delta); /* If the first fragment is fragmented itself, we split * it to two chunks: the first with data and paged part @@ -505,7 +527,7 @@ void *inet_frag_reasm_prepare(struct inet_frag_queue *q, struct sk_buff *skb, head->truesize += clone->truesize; clone->csum = 0; clone->ip_summed = head->ip_summed; - add_frag_mem_limit(q->fqdir, clone->truesize); + add_frag_mem_limit(q, clone->truesize); skb_shinfo(head)->frag_list = clone; nextp = &clone->next; } else { @@ -575,7 +597,7 @@ void inet_frag_reasm_finish(struct inet_frag_queue *q, struct sk_buff *head, rbn = rbnext; } } - sub_frag_mem_limit(q->fqdir, sum_truesize); + sub_frag_mem_limit(q, sum_truesize); *nextp = NULL; skb_mark_not_on_list(head); @@ -604,7 +626,7 @@ struct sk_buff *inet_frag_pull_head(struct inet_frag_queue *q) if (head == q->fragments_tail) q->fragments_tail = NULL; - sub_frag_mem_limit(q->fqdir, head->truesize); + sub_frag_mem_limit(q, head->truesize); return head; } diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c index e9fed83e9b3c..6e7325dba417 100644 --- a/net/ipv4/inetpeer.c +++ b/net/ipv4/inetpeer.c @@ -216,6 +216,7 @@ struct inet_peer *inet_getpeer(struct inet_peer_base *base, p->dtime = (__u32)jiffies; refcount_set(&p->refcnt, 2); atomic_set(&p->rid, 0); + atomic_long_set(&p->frag_mem, 0); p->metrics[RTAX_LOCK-1] = 
INETPEER_METRICS_NEW; p->rate_tokens = 0; p->n_redirects = 0; diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index d0c22c41cf26..e35061f6aadb 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -242,7 +242,7 @@ static int ip_frag_reinit(struct ipq *qp) } sum_truesize = inet_frag_rbtree_purge(&qp->q.rb_fragments); - sub_frag_mem_limit(qp->q.fqdir, sum_truesize); + sub_frag_mem_limit(&qp->q, sum_truesize); qp->q.flags = 0; qp->q.len = 0; @@ -339,7 +339,7 @@ static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb) qp->q.mono_delivery_time = skb->mono_delivery_time; qp->q.meat += skb->len; qp->ecn |= ecn; - add_frag_mem_limit(qp->q.fqdir, skb->truesize); + add_frag_mem_limit(&qp->q, skb->truesize); if (offset == 0) qp->q.flags |= INET_FRAG_FIRST_IN; diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 7dd3629dd19e..11ce2335c584 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -269,7 +269,7 @@ static int nf_ct_frag6_queue(struct frag_queue *fq, struct sk_buff *skb, fq->ecn |= ecn; if (payload_len > fq->q.max_size) fq->q.max_size = payload_len; - add_frag_mem_limit(fq->q.fqdir, skb->truesize); + add_frag_mem_limit(&fq->q, skb->truesize); /* The first fragment. * nhoffset is obtained from the first fragment, of course. 
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index ff866f2a879e..cd4ba6cc956b 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c @@ -197,7 +197,7 @@ static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, fq->q.mono_delivery_time = skb->mono_delivery_time; fq->q.meat += skb->len; fq->ecn |= ecn; - add_frag_mem_limit(fq->q.fqdir, skb->truesize); + add_frag_mem_limit(&fq->q, skb->truesize); fragsize = -skb_network_offset(skb) + skb->len; if (fragsize > fq->q.max_size) From patchwork Mon Aug 29 11:47:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Gobert X-Patchwork-Id: 12957691 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70980C3DA6B for ; Mon, 29 Aug 2022 12:11:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230368AbiH2MLP (ORCPT ); Mon, 29 Aug 2022 08:11:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54586 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229513AbiH2MK4 (ORCPT ); Mon, 29 Aug 2022 08:10:56 -0400 Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ED2B02BE2; Mon, 29 Aug 2022 04:55:58 -0700 (PDT) Received: by mail-wm1-f42.google.com with SMTP id m17-20020a7bce11000000b003a5bedec07bso8044844wmc.0; Mon, 29 Aug 2022 04:55:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=user-agent:content-disposition:mime-version:message-id:subject:to :from:date:from:to:cc; bh=IRQQodgrI0rD6EnFTbfw2xeJ3D9VPk4cilZ4rKqcs2s=; b=I2gVmNfGRk97P073p11Fzfpoyc8jaV4344s+6x4KYyqkS6KxaPxEgqOgN9IBzfgs98 
bpnrYyraIgjSQqwsyD0O/xQ4CkQiL31avQ172TXu1bkeWN+V6gAt3FVtALYDUD4Fc4dZ 0i6LYUdM/iNJArhk8oPo0VbLXrkLsL6SHiKvneLgmq00JGCmkM0+yLzmyXLUQ0+RRS5j 40GhMeoTcpaOc9A0wiCefIu1M3Sn9KCF8IEUDzoR8/hrcUbiW3d4U9hp5RGin/HHBEFb TFu8y7DwF0XIdB12y83MR758WPbQO31QN+z3jF+nLjUaGf38uK65ndmLr8MrG+k6mb0o VEOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=user-agent:content-disposition:mime-version:message-id:subject:to :from:date:x-gm-message-state:from:to:cc; bh=IRQQodgrI0rD6EnFTbfw2xeJ3D9VPk4cilZ4rKqcs2s=; b=Et85OrLTu1pmtbsjbMy2Gcrx5TO3brdkix/JRz2mVxXZG3S7pt50SLymA4Py98Ry3P ntXnAxCKC+VeJZ1ENOYIxfq0jVe+TQuWSBK9xkbuMH/ulqHUejZGTrJOJc/x8rePpsQ4 Re6k5m8pYM8q0jj/lPHlGkktrlG4O76Cvi021bU8XjObRCR0ctasm9oPvJvGDaf1vUPm nEJHKkDiR4k0DTFuiUCtY/EPreVBHOh5BIK8gdjdr96g91qo0MDSA2VWKna72U2pRD8x zYcb8uxsymYTfClPsGao00ozKVg5tpj1VbmSvjzuY2fz/3CSasCjHpLwbhvpoj/oVj6V BAkg== X-Gm-Message-State: ACgBeo3mqJQxMQw5YTMsJgyoRmcjn8n4dbtAQpq7tO89budd2W6voYIh FMKr1KxE/QIvugG7ajJ8nAM= X-Google-Smtp-Source: AA6agR5+TRvLKL/hosvHkbd9eCcEl4Wk9DuFLZLrpdGPTJ0t4wvGsTFJIwtXVuOLW+wjIaYxu+H/Mw== X-Received: by 2002:a05:600c:1c88:b0:3a8:3e79:7214 with SMTP id k8-20020a05600c1c8800b003a83e797214mr5101643wms.155.1661773782991; Mon, 29 Aug 2022 04:49:42 -0700 (PDT) Received: from debian ([89.238.191.199]) by smtp.gmail.com with ESMTPSA id r10-20020adff10a000000b002211fc70174sm7851027wro.99.2022.08.29.04.49.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Aug 2022 04:49:42 -0700 (PDT) Date: Mon, 29 Aug 2022 13:47:49 +0200 From: Richard Gobert To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, corbet@lwn.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org, alex.aring@gmail.com, stefan@datenfreihafen.org, pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de, kafai@fb.com, netdev@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-wpan@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org Subject: 
[PATCH 4/4] net-next: frags: dynamic timeout under load Message-ID: <20220829114739.GA2436@debian> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Calculate a dynamic fragment reassembly timeout, taking into consideration the current fqdir load and the load introduced by the peer. Reintroduce low_thresh, which now acts as a knob for adjusting per-peer memory limits. Signed-off-by: Richard Gobert --- Documentation/networking/ip-sysctl.rst | 3 +++ include/net/inet_frag.h | 1 + net/ipv4/inet_fragment.c | 30 +++++++++++++++++++++++++- net/ipv4/ip_fragment.c | 2 +- 4 files changed, 34 insertions(+), 2 deletions(-) diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst index 56cd4ea059b2..fb25aa6e22a2 100644 --- a/Documentation/networking/ip-sysctl.rst +++ b/Documentation/networking/ip-sysctl.rst @@ -247,6 +247,9 @@ ipfrag_low_thresh - LONG INTEGER begins to remove incomplete fragment queues to free up resources. The kernel still accepts new fragments for defragmentation. + (Since linux-6.1) + Maximum memory used to reassemble IP fragments sent by a single peer. + ipfrag_time - INTEGER Time in seconds to keep an IP fragment in memory. 
diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h index 077a0ec78a58..595a6db57a0e 100644 --- a/include/net/inet_frag.h +++ b/include/net/inet_frag.h @@ -99,6 +99,7 @@ struct inet_frag_queue { u16 max_size; struct fqdir *fqdir; struct inet_peer *peer; + u64 timeout; struct rcu_head rcu; }; diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c index 8b8d77d548d4..34c5ebba4951 100644 --- a/net/ipv4/inet_fragment.c +++ b/net/ipv4/inet_fragment.c @@ -314,6 +314,30 @@ void inet_frag_free(struct inet_frag_queue *q) call_rcu(&q->rcu, inet_frag_destroy_rcu); } +static int inet_frag_update_timeout(struct inet_frag_queue *q) +{ + u64 peer_timeout, inet_timeout; + long peer_mem, inet_mem; + long high_thresh = READ_ONCE(q->fqdir->high_thresh); + long low_thresh = READ_ONCE(q->fqdir->low_thresh); + u64 base_timeout = READ_ONCE(q->fqdir->timeout); + + peer_mem = low_thresh - peer_mem_limit(q); + inet_mem = high_thresh - frag_mem_limit(q->fqdir); + + if (peer_mem <= 0 || inet_mem <= 0) + return -ENOMEM; + + /* Timeout changes linearly with respect to the amount of free memory. + * Choose the more permissive of the two timeouts, to avoid limiting + * the system while there is still enough memory. 
+ */ + peer_timeout = div64_long(base_timeout * peer_mem, low_thresh); + inet_timeout = div64_long(base_timeout * inet_mem, high_thresh); + q->timeout = max_t(u64, peer_timeout, inet_timeout); + return 0; +} + void inet_frag_destroy(struct inet_frag_queue *q) { struct fqdir *fqdir; @@ -346,6 +370,10 @@ static struct inet_frag_queue *inet_frag_alloc(struct fqdir *fqdir, q->fqdir = fqdir; f->constructor(q, arg); + if (inet_frag_update_timeout(q)) { + inet_frag_free(q); + return NULL; + } add_frag_mem_limit(q, f->qsize); timer_setup(&q->timer, f->frag_expire, 0); @@ -367,7 +395,7 @@ static struct inet_frag_queue *inet_frag_create(struct fqdir *fqdir, *prev = ERR_PTR(-ENOMEM); return NULL; } - mod_timer(&q->timer, jiffies + fqdir->timeout); + mod_timer(&q->timer, jiffies + q->timeout); *prev = rhashtable_lookup_get_insert_key(&fqdir->rhashtable, &q->key, &q->node, f->rhash_params); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index e35061f6aadb..88a99242d721 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -236,7 +236,7 @@ static int ip_frag_reinit(struct ipq *qp) { unsigned int sum_truesize = 0; - if (!mod_timer(&qp->q.timer, jiffies + qp->q.fqdir->timeout)) { + if (!mod_timer(&qp->q.timer, jiffies + qp->q.timeout)) { refcount_inc(&qp->q.refcnt); return -ETIMEDOUT; }
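
Note on the timeout arithmetic in patch 4/4: the sketch below restates the calculation from inet_frag_update_timeout() as plain userspace C, so the linear scaling can be checked by hand. It is an illustration under stated assumptions, not kernel code. The function name frag_timeout_sketch and its flat parameter list are hypothetical stand-ins for the fqdir and inet_peer fields read in the patch, and plain 64-bit division replaces div64_long().

```c
#include <assert.h>
#include <errno.h>
#include <stdint.h>

/*
 * Hypothetical userspace restatement of the timeout calculation in
 * inet_frag_update_timeout() from patch 4/4. The parameters stand in
 * for fqdir->high_thresh, fqdir->low_thresh, the fqdir memory counter,
 * the peer's frag_mem counter and fqdir->timeout.
 */
static int frag_timeout_sketch(long high_thresh, long low_thresh,
			       long fqdir_mem, long peer_mem_used,
			       uint64_t base_timeout, uint64_t *timeout)
{
	uint64_t peer_timeout, inet_timeout;
	long peer_free, inet_free;

	/* Assumption of this sketch: usage counters are never negative. */
	assert(fqdir_mem >= 0 && peer_mem_used >= 0);

	peer_free = low_thresh - peer_mem_used;
	inet_free = high_thresh - fqdir_mem;

	/* Either budget exhausted: no new queue, as in the patch. */
	if (peer_free <= 0 || inet_free <= 0)
		return -ENOMEM;

	/* Each timeout scales linearly with the remaining free memory. */
	peer_timeout = base_timeout * (uint64_t)peer_free / (uint64_t)low_thresh;
	inet_timeout = base_timeout * (uint64_t)inet_free / (uint64_t)high_thresh;

	/* The more permissive (larger) of the two timeouts wins. */
	*timeout = peer_timeout > inet_timeout ? peer_timeout : inet_timeout;
	return 0;
}
```

With illustrative values high_thresh = 4194304, low_thresh = 3145728 and a base timeout of 30000 (for instance 30 s at an assumed HZ of 1000), a peer holding 1572864 bytes while the fqdir holds 3145728 bytes gets a peer timeout of 15000 and an inet timeout of 7500, so the queue is armed with 15000. A peer that has already consumed all of low_thresh is refused with -ENOMEM. A queue without a peer reports zero peer usage in the patch, so it always receives the full base timeout.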